/** * Output a JSON response, terminate script execution. * * @param mixed $result * @param SignatureSecretKey $signingKey Optional - used for API responses. */ function json_response($result, $signingKey = null) { if (!\headers_sent()) { \header("Content-Type: application/json"); \header('X-Content-Type-Options: nosniff'); \header('X-Download-Options: noopen'); \header('X-Frame-Options: SAMEORIGIN'); \header('X-XSS-Protection: 1; mode=block'); } if ($signingKey instanceof SignatureSecretKey || $signingKey instanceof SignatureKeyPair) { if ($signingKey instanceof SignatureKeyPair) { // We don't need the whole keypair. $signingKey = $signingKey->getSecretKey(); } $message = \json_encode($result, JSON_PRETTY_PRINT); $signature = Crypto::sign($message, $signingKey, true); unset($signingKey); die(Base64UrlSafe::encode($signature) . "\n" . $message); } // Otherwise, we're just dumping the message verbatim: die(\json_encode($result, JSON_PRETTY_PRINT)); }